Start an “emergency call” to a bogus number like “###”, then quickly hit the lock button atop the iPhone — boom, you’ve got full access to the Phone app, including call history and voicemail.
Oddly, or at least coincidentally, it seems to be fixed in iOS 4.2 beta 3 — I can’t reproduce this on my iPhone with 4.2b3 installed, but can on another iPhone with 4.1. Also odd is how similar the exploit is to this one from two years ago — which was also discovered by a MacRumors forum poster. You’d think Apple would have given iOS’s emergency-call-while-locked code a more thorough audit — the thing only has two non-volume hardware buttons, and both of them have now been found to allow the lock screen to be bypassed.
★ Monday, 25 October 2010